Report Malware and Suspicious Links here so Mods can take Action ! - page 47.

Lafu

legendary

Activity: 2996

Merit: 3114

Quote from: Rizzrack on June 22, 2020, 02:02:21 PM

~~~~~~

I tagged him now and reported all the posts with that fake links .
Maybe let me know if the Account gets recovered and all is fine again with the Account so i can remove my Feedback i have given.
Also i will take a look of older ANNs that was done in the past maybe i can find some changes from there Gihub links and Sources too.

Next Fake ANN here !

Thread : NatisCoin English algo SCRYPT 100% POS

User : ramazan5523 <---- Please Ban that User

This user recently woke up from a long period of inactivity.

Last post was done in October 15, 2018

Joined 1 hour ago on Github

Archive : https://archive.fo/wip/lAftX

Code:

WALLET AND SOURCE[/b][/size]
[b]Windows:[/b] https://github.com/NATISCOIN/NatisCoin/releases/download/Natis/natiscoin-qt-windows.zip
[b]Linux:[/b] https://github.com/NATISCOIN/NatisCoin/releases/download/Natis/natiscoin-qt-linux.tar.gz
[b]Source:[/b] https://github.com/NATISCOIN/NatisCoin/releases/download/Natis/natiscoin-source.tar.gz

Fake Github : https_://github.com/NATISCOIN/NatisCoin/

Real Github : https_://github.com/jovannyd/NatisCoin/

Original ANN

Thread : NatisCoin English algo SCRYPT 100% POS

User : jovannyd

Code:

[center][size=20pt]WALLET AND SOURCE
[/size][/center]
Windows: https://github.com/jovannyd/NatisCoin/releases/download/Natis/natiscoin-qt-windows.zip
Linux: https://github.com/jovannyd/NatisCoin/releases/download/Natis/natiscoin-qt-linux.tar.gz
Source: https://github.com/jovannyd/NatisCoin/releases/download/Natis/natiscoin-source.tar.gz

Next Fake ANN from NatisCoin again from a diffrent User !

Thread : 🔥 NatisCoin 🥉 English algo SCRYPT 100% POS ✅

User : sidneig007 <---- Please Ban that User

This user recently woke up from a long period of inactivity.

Last post was done in December 11, 2018

Archive : https://archive.fo/wip/zRJVK

Code:

[size=18pt][b]
WALLET AND SOURCE[/b][/size]
[b]Windows:[/b] https://github.com/NATISCOIN/NatisCoin/releases/download/V.1.0.0/natiscoin-qt-windows.zip
[b]Linux:[/b] https://github.com/NATISCOIN/NatisCoin/releases/download/V.1.0.0/natiscoin-qt-linux.tar.gz
[b]Source:[/b] https://github.com/NATISCOIN/NatisCoin/releases/download/V.1.0.0/natiscoin-source.tar.gz

Fake Github : https_://github.com/NATISCOIN/NatisCoin/

Real Github : https_://github.com/jovannyd/NatisCoin/

Rizzrack

copper member

Activity: 769

Merit: 702

Defend Bitcoin and its PoW: bitcoincleanup.com

Quote from: DaveF on June 22, 2020, 01:46:42 PM

At least some of the threads are still there:
https://bitcointalksearch.org/topic/ann-ravencoin-rvn-pow-gpu-mining-asset-transfer-blockchain-updated-ann-3238497

And if you follow the link for the windows miner it goes to:
https-:-//github.com/RavenCommunlty/kawpowminer/releases/download/1.2.2/kawpowminer-windows-1.2.2.zip

Not the proper link so a flag is good. Also, if they ever come back as a legitimate user we can pull our support from the flag.

-Dave

Flags show in his own threads (does not have any) and on his profile/trust page.
I know it's phishing.. I also said that a few posts back.

It's just that I don't feel confortable leaving a flag on a hacked account. The original owner posted only russian and at some point someone else "found" his password and user gets a flag
. A permanent mark on that profile.
IMHO a negative would suffice in these types of cases.
Most of them were newbies accounts, jr member... dispensable basically.
I understand you want that banner to be displayed in the thread because most of them are self-mod and they delete the warning posts but... At least for higher rank members I would rather not taint them for having a week password.
The user is locked and needs to email us before using it again.

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: Rizzrack on June 22, 2020, 01:15:23 PM

Quote from: DaveF on June 22, 2020, 01:11:38 PM

...
Also reported.

-Dave

That user bagera was most definitely hacked and his threads were trashed. A flag might not be that useful right now imo...

At least some of the threads are still there:
https://bitcointalksearch.org/topic/ann-ravencoin-rvn-pow-gpu-mining-asset-transfer-blockchain-updated-ann-3238497

And if you follow the link for the windows miner it goes to:
https-:-//github.com/RavenCommunlty/kawpowminer/releases/download/1.2.2/kawpowminer-windows-1.2.2.zip

Not the proper link so a flag is good. Also, if they ever come back as a legitimate user we can pull our support from the flag.

-Dave

Rizzrack

copper member

Activity: 769

Merit: 702

Defend Bitcoin and its PoW: bitcoincleanup.com

Quote from: DaveF on June 22, 2020, 01:11:38 PM

...
Also reported.

-Dave

That user bagera was most definitely hacked and his threads were trashed. A flag might not be that useful right now imo...

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: Lafu on June 22, 2020, 12:37:36 PM

Quote from: Rizzrack on June 22, 2020, 12:04:51 PM

indeed seems hacked and indeed was spreading the fake repo to the communlty ...
Good catch !

Is it possible to get rid of all this fake github links that he has posted ?

https://bitcointalksearch.org/topic/ann-etc-ethereum-classic-immutable-smart-contracts-5134923
https://bitcointalksearch.org/topic/annubq-ubiq-smart-contracts-for-an-automated-world-1763606
https://bitcointalksearch.org/topic/ann-ethereum-welcome-to-the-beginning-428589
https://bitcointalksearch.org/topic/ann-ethereum-welcome-to-the-beginning-428589
https://bitcointalksearch.org/topic/ann-ravencoin-rvn-pow-gpu-mining-asset-transfer-blockchain-updated-ann-3238497
https://bitcointalksearch.org/topic/ann-ravencoin-rvn-pow-gpu-mining-asset-transfer-blockchain-updated-ann-3238497

Or should i report it ?

I just created a flag: https://bitcointalksearch.org/topic/thead-for-listing-malware-posters-5257338
Please support it so newbies will see the warning.

Also reported.

-Dave

Rizzrack

copper member

Activity: 769

Merit: 702

Defend Bitcoin and its PoW: bitcoincleanup.com

Quote from: Lafu on June 22, 2020, 12:37:36 PM

Quote from: Rizzrack on June 22, 2020, 12:04:51 PM

indeed seems hacked and indeed was spreading the fake repo to the communlty ...
Good catch !

Is it possible to get rid of all this fake github links that he has posted ?

Or should i report it ?

I am a patroller, can moderate only newbies. I already reported them... mods will need to delete then I guess Wink

Lafu

legendary

Activity: 2996

Merit: 3114

Quote from: Rizzrack on June 22, 2020, 12:04:51 PM

indeed seems hacked and indeed was spreading the fake repo to the communlty ...
Good catch !

Is it possible to get rid of all this fake github links that he has posted ?

https://bitcointalksearch.org/topic/ann-etc-ethereum-classic-immutable-smart-contracts-5134923
https://bitcointalksearch.org/topic/annubq-ubiq-smart-contracts-for-an-automated-world-1763606
https://bitcointalksearch.org/topic/ann-ethereum-welcome-to-the-beginning-428589
https://bitcointalksearch.org/topic/ann-ethereum-welcome-to-the-beginning-428589
https://bitcointalksearch.org/topic/ann-ravencoin-rvn-pow-gpu-mining-asset-transfer-blockchain-updated-ann-3238497
https://bitcointalksearch.org/topic/ann-ravencoin-rvn-pow-gpu-mining-asset-transfer-blockchain-updated-ann-3238497

Or should i report it ?

Rizzrack

copper member

Activity: 769

Merit: 702

Defend Bitcoin and its PoW: bitcoincleanup.com

Quote from: morvillz7z on June 22, 2020, 11:30:00 AM

Hey Rizzrack,

Can you look up the following account - bagera? He is spamming that fake KawPowMiner in various alt threads.
...

indeed seems hacked and indeed was spreading the fake repo to the communlty ...
Good catch !

morvillz7z

legendary

Activity: 2212

Merit: 2061

Join the world-leading crypto sportsbook NOW!

Hey Rizzrack,

Can you look up the following account - bagera? He is spamming that fake KawPowMiner in various alt threads.

Ravencoin - https://bitcointalksearch.org/topic/ann-ravencoin-rvn-pow-gpu-mining-asset-transfer-blockchain-updated-ann-3238497 (archive)
Ethereum Classic - https://bitcointalksearch.org/topic/ann-etc-ethereum-classic-immutable-smart-contracts-5134923 (archive)
Ubiq - https://bitcointalksearch.org/topic/annubq-ubiq-smart-contracts-for-an-automated-world-1763606 (archive)
Ethereum - https://bitcointalksearch.org/topic/ann-ethereum-welcome-to-the-beginning-428589 (archive)

His first post since December 29, 2018 was a link to RavenCommunlty GitHub repo made back in May, which indicates that it's probably a hacked account.

Rizzrack

copper member

Activity: 769

Merit: 702

Defend Bitcoin and its PoW: bitcoincleanup.com

Noticed that [ANN] KawPowMiner v1.2.3 - first miner for KawPow algo [AMD/Nvidia+Win/Linux] posted by KawPowBoo had phishing links for wallet downloads

Code:

Real: Windows: https://github.com/RavenCommunity/kawpowminer/releases/download/1.2.3/kawpowminer-windows-1.2.3.zip
Fake: Windows: https://github.com/RavenCommunlty/kawpowminer/releases/download/1.2.3/kawpowminer-windows-1.2.3.zip

Thread trashcanned
Archived: https://archive.vn/HTSbC

OP's account was locked.
Definitely had the good github repo and edited it later on. As OP admitted he was hacked (but I call BS on that)

Another one for the list I guess...

P.S. sent a merit to the first guy who mentioned the link issue before trashing the thread (just so we're clear on that Tongue

)

Lafu

legendary

Activity: 2996

Merit: 3114

I was thinking from the beginning as i have seen and readed the thread that there is something strange.
And as i have written in the thread why he hasnt posted the Website and original github link.
Nice catching and watching on that morvillz7z, thank you .

morvillz7z

legendary

Activity: 2212

Merit: 2061

Join the world-leading crypto sportsbook NOW!

Quote from: Lafu on June 19, 2020, 10:39:40 PM

Suspicious ANN !!

Thread : [ANN] [HNS] HandShake - peer-to-peer root system [POW/Own algo/Exchanges]

We got in the past an User firehawk71 that has posted the same ANN too but it got deleted !

This is indeed suspicious but i think i was only able to report firehawk71 for his Tellor (TRB) and Kadena fake threads and not for HandShake.

firehawk71 was trying to push the following GitHub: "https_://github.com/kyokano" http://loyce.club/archive/posts/5386/53868592.html

I wouldn't be surprised if both accounts "kyokan" and "kyokano" are malicious, especially after reading these two comments:

http://loyce.club/archive/posts/5399/53998776.html
http://loyce.club/archive/posts/5398/53983159.html

Quote from: Lafu on June 19, 2020, 10:39:40 PM

Dont know whats going on with this thread from that User and will watching it !

I think i will do the same!

edit;

It turns out it is a fake ANN, OP changed the windows wallet link earlier today:

http://archive.md/VkcnK

from: https_://github.com/kyokan to https_://github.com/kyolkan/ (created two days ago)

Code:

https://github.com/kyolkan/bob-wallet/releases/download/v0.3.0/Bob.0.3.0.zip

Lafu

legendary

Activity: 2996

Merit: 3114

Suspicious ANN !!

Thread : [ANN] [HNS] HandShake - peer-to-peer root system [POW/Own algo/Exchanges]

User : HandShakes

Archive : https://archive.fo/wip/x1Pzf

Code:

Wallets
Windows: https://github.com/kyokan/bob-wallet/releases/download/v0.3.0/Bob.0.3.0.msi
MAC: https://github.com/kyokan/bob-wallet/releases/download/v0.3.0/Bob-0.3.0.dmg

Looks like copied and pasted from there Webpage as there is no source link in the Thread !

Quote from: HandShakes on June 19, 2020, 10:12:38 AM

About HNS
HandShake - decentralized, permissionless naming protocol where every peer is validating and in charge of managing the root DNS naming zone with the goal of creating an alternative to existing Certificate Authorities and naming systems. Names on the internet (top level domains, social networking handles, etc.) ultimately rely upon centralized actors with full control over a system which are relied upon to be honest, as they are vulnerable to hacking, censorship, and corruption. Handshake aims to experiment with new ways the internet can be more secure, resilient, and socially useful with a peer-to-peer system validated by the network's participants.

Quote

ABOUT HANDSHAKE
Handshake is a decentralized, permissionless naming protocol where every peer is validating and in charge of managing the root DNS naming zone with the goal of creating an alternative to existing Certificate Authorities and naming systems. Names on the internet (top level domains, social networking handles, etc.) ultimately rely upon centralized actors with full control over a system which are relied upon to be honest, as they are vulnerable to hacking, censorship, and corruption. Handshake aims to experiment with new ways the internet can be more secure, resilient, and socially useful with a peer-to-peer system validated by the network's participants.

Source : https://handshake.org/

The next thing is on the Github from github.com/kyokan is also a folder github.com/kyokan/hsd/releases !

But on the Webpage https://handshake.org/ they have the Github:

Code:

https://github.com/handshake-org

Dont know whats going on with this thread from that User and will watching it !

We got in the past an User firehawk71 that has posted the same ANN too but it got deleted !

busminer

hero member

Activity: 1764

Merit: 570

Twitter\X @AlexKosa1

Quote from: Rikafip on June 18, 2020, 06:28:22 AM

Quote from: busminer on June 18, 2020, 05:55:33 AM

Do you guys have any thoughts on this ?

First thing, there is no need to quote their whole ANN when you are reporting something suspicious, link to topic and archived version is enough.

Regarding that DSF project, whether they intend to spread malware I don't know, but they are obviously shilling their thread. Newbie accounts made in 2018/2019 with no prior activity suddenly appeared just when this thread has been made, and showing classic shill behavior. That is not something that any legit project would do, and is a big red flag in my eyes (not the reason to delete the thread though, but you can always report shill posts, and usually they get deleted.) So yeah, they are definitely suspicious.

Quote edited, keep watching them, thanks.

Rikafip

legendary

Activity: 1722

Merit: 5937

Quote from: busminer on June 18, 2020, 05:55:33 AM

Do you guys have any thoughts on this ?

First thing, there is no need to quote their whole ANN when you are reporting something suspicious, link to topic and archived version is enough.

Regarding that DSF project, whether they intend to spread malware I don't know, but they are obviously shilling their thread. Newbie accounts made in 2018/2019 with no prior activity suddenly appeared just when this thread has been made, and showing classic shill behavior. That is not something that any legit project would do, and is a big red flag in my eyes (not the reason to delete the thread though, but you can always report shill posts, and usually they get deleted.) So yeah, they are definitely suspicious.

busminer

hero member

Activity: 1764

Merit: 570

Twitter\X @AlexKosa1

Quote from: busminer on June 17, 2020, 01:34:42 AM

Very suspicious in my opinion,this user's password was reset recently,a self-moderated topic
https://www.hybrid-analysis.com/sample/263eeb10202871d0567073eeb9c6ea3b111260f22021f7ed069cd52c1a22054f

User DSFchain https://bitcointalksearch.org/user/dsfchain-2797527
https://bitcointalksearch.org/topic/m.54633842

Quote from: DSFchain on June 17, 2020, 01:21:35 AM

Only newbie posting there trying to shill...there are no chats for the community, the site was registered in April and only for one year
also this
https://www.hybrid-analysis.com/sample/263eeb10202871d0567073eeb9c6ea3b111260f22021f7ed069cd52c1a22054f/5ee9a8fa5dd58b19c44c4972

Quote

equires permissions that could be uesd for malicious intents

details
   Permission request for "android.permission.ACCESS_COARSE_LOCATION"
   Permission request for "android.permission.ACCESS_FINE_LOCATION"
   Permission request for "android.permission.INTERNET"
   Permission request for "android.permission.WRITE_EXTERNAL_STORAGE"
   Permission request for "android.permission.READ_PHONE_STATE"
   Permission request for "android.permission.READ_CONTACTS"
   Permission request for "android.permission.CALL_PHONE"
   Permission request for "android.permission.CHANGE_WIFI_STATE"
   Permission request for "android.permission.CHANGE_WIFI_MULTICAST_STATE"
   Permission request for "android.permission.RECORD_AUDIO"
   Permission request for "android.permission.GET_TASKS"
   Permission request for "android.permission.MANAGE_ACCOUNTS"
   Permission request for "android.permission.MOUNT_UNMOUNT_FILESYSTEMS"
   Permission request for "android.permission.BLUETOOTH"
   Permission request for "android.permission.BLUETOOTH_ADMIN"
   Permission request for "android.permission.CAMERA"
   Permission request for "android.permission.CHANGE_NETWORK_STATE"
   Permission request for "android.permission.MODIFY_AUDIO_SETTINGS"
   Permission request for "android.permission.SYSTEM_ALERT_WINDOW"
   Permission request for "android.permission.RECEIVE_BOOT_COMPLETED"
source
   Static Parser
relevance
   10/10

Do you guys have any thoughts on this ?

Bitcoinsummoner

hero member

Activity: 1358

Merit: 622

Maintain Social Distance, Stay safe.

Quote from: Lafu on June 17, 2020, 06:05:11 PM

It always bring you just to the thread on the first page when you click the link on the flag.

Will it always redirect to the first page of the thread? What if we give reference of a post instead of a topic which we can copied from the number of the post at the right side of the post?

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: Lafu on June 17, 2020, 06:05:11 PM

I support this Flag but you have to create maybe for Flags your one thread in Reputation.
Because the link on the Falg just directing to the thread and not to your post .
It always bring you just to the thread on the first page when you click the link on the flag.
And you have to research the whole thread for the post for the Flag.

Maybe that would be an suggestion for @theymos that its allowed also to link to posts on flaggs when you create them.

The flag is more to put up a big warning to any guest / new person who looks at the post.
It's not like anyone is really going to dispute it. Since these threads tend to be moderated posting the "It's a virus" warning can only do so much. A banner that says do not trust might do a bit more.

-Dave

Lafu

legendary

Activity: 2996

Merit: 3114

Quote from: DaveF on June 17, 2020, 05:31:46 PM

Malware --> https://bitcointalksearch.org/topic/--5256330
Archive --> http://archive.is/mQb4K
Please ban this user --> https://bitcointalksearch.org/user/h4rdc0r3r1c-19633

Support the flag --> https://bitcointalk.org/index.php?action=trust;flag=2032

Original ANN --> https://bitcointalksearch.org/topic/ann-2x2-pos-coin-staking-rewards-1-every-day-365-roi-5187844

-Dave

I support this Flag but you have to create maybe for Flags your one thread in Reputation.
Because the link on the Flag just directing to the thread and not to your post .
It always bring you just to the thread on the first page when you click the link on the flag.
And you have to research the whole thread for the post for the Flag.

Maybe that would be an suggestion for @theymos that its allowed also to link to posts on flaggs when you create them.

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Malware --> https://bitcointalksearch.org/topic/--5256330
Archive --> http://archive.is/mQb4K
Please ban this user --> https://bitcointalksearch.org/user/h4rdc0r3r1c-19633

Support the flag --> https://bitcointalk.org/index.php?action=trust;flag=2032

Original ANN --> https://bitcointalksearch.org/topic/ann-2x2-pos-coin-staking-rewards-1-every-day-365-roi-5187844

-Dave

Topic: Report Malware and Suspicious Links here so Mods can take Action ! - page 47. (Read 34697 times)